**
implementation("com.aliyun:alimt20181012:1.4.0")
implementation("com.aliyun:tea-openapi:0.3.7")
**

引用这两个都会报名问题

CVE-2023-0833
4.7
可传递 Generation of Error Message Containing Sensitive Information

依赖项 maven:com.squareup.okhttp3:okhttp:3.12.13 vulnerable

升级到 4.9.2

CVE-2023-0833,分数: 4.7

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

阅读更多: https://www.mend.io/vulnerability-database/CVE-2023-0833?utm_source=JetBrains

结果由 Mend.io 提供技术支持

依赖项 maven:com.squareup.okio:okio:1.15.0 vulnerable

升级到 3.4.0

CVE-2023-3635,分数: 5.9

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

阅读更多: https://www.mend.io/vulnerability-database/CVE-2023-3635?utm_source=JetBrains

结果由 Mend.io 提供技术支持